[apparmor] [patch] [6/7] Add support for handling ptrace rules everywhere

Sat Dec 26 23:36:05 UTC 2015

On 12/08/2015 11:38 AM, Christian Boltz wrote:
> Hello,
> 
> $subject ;-)
> 
> "Everywhere" means aa-mergeprof and aa-cleanprof. In theory also
> aa-logprof, but that needs some code that parses ptrace log events ;-)
> 
> 
Acked-by: John Johansen <john.johansen at canonical.com>

> [ 33-enable-ptrace-everywhere.diff ]
> 
> === modified file ./utils/apparmor/aa.py
> --- utils/apparmor/aa.py        2015-12-03 22:04:36.782275414 +0100
> +++ utils/apparmor/aa.py        2015-12-03 22:05:13.362019693 +0100
> @@ -61,7 +61,7 @@
>  from apparmor.rule.signal     import SignalRuleset,    SignalRule
>  from apparmor.rule import parse_modifiers, quote_if_needed
>  
> -ruletypes = ['capability', 'change_profile', 'network', 'rlimit', 'signal']
> +ruletypes = ['capability', 'change_profile', 'network', 'ptrace', 'rlimit', 'signal']
>  
>  from apparmor.yasti import SendDataToYast, GetDataFromYast, shutdown_yast
>  
> 
> Regards,
> 
> Christian Boltz
>